This tutorial assumes that you have a running Ubuntu Server, that networking has been set up, and that you have ssh access.

Apache2 is the default webserver used by many Linux installations. It is not the only one available, or the best for all circumstances, but it covers many usage scenarios. During the installation, you may be asked which webserver to reconfigure automatically. Answer 'apache2'.

Update TimeZone and Check Correct Time

To reduce confusion with shared or mirrored data, all servers ought to run as close to as in-sync as possible. Some cryptographic key management systems require accurate time. Lastly, for corporate servers, Sarbanes-Oxley and HIPAA Security Rules require accurate timestamping.

Disable AppArmor Conflicts

While AppArmor is a suite that does provide an additional layer of security, it is my opinion that custom profiles will need to be created for each system. That is something not covered in this tutorial. So for now, we are going to disable it to prevent conflicts with any default configurations.

DOSHashTableSize 2048
DOSPageCount 20 # maximum number of requests for the same page
DOSSiteCount 300 # total number of requests for any object by the same client IP on the same listener
DOSPageInterval 1.0 # interval for the page count threshold
DOSSiteInterval 1.0 # interval for the site count threshold
DOSBlockingPeriod 10.0 # time that a client IP will be blocked for
DOSLogDir “/var/log/apache2/evasive”
DOSEmailNotify admin@domain.com

Stop Slowloris Attacks

An Apache modules also exist for Slowloris attacks, though the module name depends on which version of Ubuntu that you are using. For Ubuntu 12.10 or later:

Now the webserver has been installed and is up and running. Point your web browser at your domain for a default message that confirms you are working. As a final check, run the following to see if your server has any error message. If there are errors, you will want to Google them and address them now.

$ sudo tail -200 /var/log/syslog

Turn off Server Signature

Another source of potential security attacks is associated with web server signature, which reveals the version of Apache and PHP being deployed. The more detailed knowledge attackers have on your system, the better chance they have for exploiting potential vulnerabilities of the system. Follow this guideline to disable server signature on Apache.

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

Paul Crown

Paul Crown is a software developer and business consultant for small businesses. Being a native Texan, he is at home in Austin's technology sector. He has degrees in Electrical Engineering Technology and Computer Science. Paul is constantly reading about new technologies especially involving alternative energy or increasing efficiencies in the home as well as the work environment. He is a Linux over Windows, Blackberry over iPhone, Burbon over Scotch, Brains over Beauty, Lake over Ocean, Night over Morning, Chocolate over Vanilla type of guy.

It's not a firewall, it's more than that. AppArmor allows confining certain services to ensure that a security vulnerability in that service doesn't affect the system. In combination with Apache, it allows you, for example, to confine different php applications so a security issue in one doesn't affect another.

Hi guys, wondered if i could get a bit of help to understand the ddos attack prevention?
I am currently going through the guide to secure apache2.
Do I manually have to type:
DOSHashTableSize 2048
DOSPageCount 20 # maximum number of requests for the same page
etc etc...
In the file /etc/apache2/mods-available/mod-evasive.load?

Ubuntu comes up with a blank screen with options below so do I start typing out all of the above and then hit save?